Book review: DevOps Handbook by Gene Kim and co.

The highly anticipated DevOps Handbook, co-authored by the who’s who of DevOps – Gene Kim, Jez Humble, Patrick Debois and John Willis – was published this month. It is a completely non-fictional follow-up on their earlier book The Phoenix project. The book attempts to lay down the prescriptions for effective DevOps and in the process settles any lingering misconceptions on this topic. The target audience for the book is everyone in the IT industry, from developers to technology leadership and should appeal to the seasoned practitioner, as well the DevOps newbie.

DevOps value stream

DevOps draws its influence heavily from the Lean movement of the manufacturing industry and the early Agile movement in the IT industry. The book defines the DevOps value stream as the “process required to convert a business hypothesis into a technology-enabled service that delivers value to the customer”. It discusses how we can identify the best technology value streams for our DevOps transformation. The next step is to conduct a value stream mapping exercise which mostly results in an improved understanding of the value stream. It is often possible to re-engineer the process so that we can design a far simpler and more streamlined means to achieving the business goals.

It is often possible to re-engineer the process so that we can design a far simpler and more streamlined means to achieving the business goals.

The Three ways

Our next goal is to apply the Lean principles (also known as The Three ways) to the DevOps value steam:

Of course the book goes into more detail on each of the above topics, and addresses them with equal emphasis on culture and technology.

Integrating Change process, Security and Compliance

A section of the book is dedicated to the often overlooked areas of change management, security and compliance. This expands the scope of DevOps to include InfoSec (Information Security) and change management departments, and prescribes technical practices for the same. A simple example of such an integration, as neatly explained in a case study, would be to move all security issues from a traditional GRC (Governance, Risk and Compliance) tool into a tracking tool. Visible to Dev and Ops, such as Jira, and tag them there according to severity. This makes security issues visible and a responsibility of the team itself.

This makes security issues visible and a responsibility of the team itself.

The succinct nature of the book is very refreshing. A personal favorite is the numerous little case studies strewn all across the book. The authors cite real-world examples to drive home points, rather than just forcing down some theory. We learn about how companies big and small, implemented DevOps to solve grappling problems, ones that are easily relatable. The book covers a lot of ground with brief to-the-point sections, and definitely qualifies to be one of the best treatises available on the subject.

Additional reading suggestion: some of the TMNS’s successful DevOps case studies are available in the recently revamped DevOps section of our website.